Get-AzADUser returns empty on Azure Devops MS hosted agent

I am using Az Powershell Module on Azure Devops Pipeline Task. My problem is that Get-AzADUser command returns empty on Azure Devops MS hosted agent although it functions well on Azure Cloud Shell and returns the AzAD Users. I am using the same account for both (Cloud Shell and Azure Devops).

Here below are the logs of the Azure Devops Task:

2020-10-23T09:04:34.5200816Z ##[section]Starting: Azure PowerShell script: FilePath
2020-10-23T09:04:34.5561322Z ==============================================================================
2020-10-23T09:04:34.5562144Z Task         : Azure PowerShell
2020-10-23T09:04:34.5563006Z Description  : Run a PowerShell script within an Azure environment
2020-10-23T09:04:34.5563312Z Version      : 5.176.2
2020-10-23T09:04:34.5564072Z Author       : Microsoft Corporation
2020-10-23T09:04:34.5565422Z Help         : https://aka.ms/azurepowershelltroubleshooting
2020-10-23T09:04:34.5566084Z ==============================================================================
2020-10-23T09:04:36.0669385Z Generating script.
2020-10-23T09:04:36.1560120Z ========================== Starting Command Output ===========================
2020-10-23T09:04:36.1824475Z ##[command]"C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\11730398-1e70-4056-a1ec-5d9694307da4.ps1'"
2020-10-23T09:04:39.1363993Z ##[command]Import-Module -Name C:\Modules\az_4.7.0\Az.Accounts\1.9.4\Az.Accounts.psd1 -Global
2020-10-23T09:04:48.4455502Z ##[command]Clear-AzContext -Scope Process
2020-10-23T09:04:49.5325261Z ##[command]Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
2020-10-23T09:04:49.8445719Z ##[command]Connect-AzAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud @processScope
2020-10-23T09:04:52.0059255Z ##[command] Set-AzContext -SubscriptionId *** -TenantId ***
2020-10-23T09:04:52.9718588Z Get-AzADUser

What should I do so that it returns the ADUser objects?

In Azure Cloud Shell, it uses the credential of the user logged in the azure portal, if it works, it just means your user account has the permission to list the users.

In the devops pipeline, it uses the credential of the service principal which is configured in the Project Settings -> Service connections, not the user account logged in the devops.

To solve the issue, navigate to the Project Settings in devops -> Service connections -> find the service connection you used -> click Manage Service Principal.

Then it will open the Azure AD App page of the service principal, navigate to the API permissions -> add the Application permission Directory.Read.All of Azure Active Directory Graph like below (Note: It should be Azure Active Directory Graph, not Microsoft Graph).

Note: Don't forget to click the Grant admin consent for xxx button at last.

Then go to your devops to have a try, it should work.
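
A check that can run at the top of the pipeline script to make this failure visible, as an added example that is not part of the original answer: it prints which identity the Az context holds and stops the task when the directory query fails or returns nothing. The function name Test-DirectoryReadAccess is made up for this example.

```powershell
# Added example: run inside the Azure PowerShell task, after the task has signed in.
$ErrorActionPreference = 'Stop'

function Test-DirectoryReadAccess {
    # The identity the Az module is using in this process. On a pipeline agent
    # this is the service connection's service principal, not your user account.
    $ctx = Get-AzContext
    if (-not $ctx) {
        throw 'No Az context found: the task has not signed in.'
    }

    # For a service principal sign-in, Account.Id is the application (client) ID.
    Write-Host ("Az context: {0} '{1}' in tenant {2}" -f `
        $ctx.Account.Type, $ctx.Account.Id, $ctx.Tenant.Id)

    # Ask for a single user. Surface a permission error instead of swallowing it.
    try {
        $probe = @(Get-AzADUser -First 1 -ErrorAction Stop)
    }
    catch {
        throw ("Directory query failed for '{0}': {1}" -f `
            $ctx.Account.Id, $_.Exception.Message)
    }

    # The symptom from the question: no error, but nothing returned either.
    if ($probe.Count -eq 0) {
        throw ("Get-AzADUser returned nothing for {0} '{1}'. Check that this " +
               "identity has the Directory.Read.All application permission " +
               "and that admin consent was granted.") -f `
               $ctx.Account.Type, $ctx.Account.Id
    }

    return $ctx.Account.Type
}

# Fail the task early rather than continuing with an empty user list.
$identityType = Test-DirectoryReadAccess
Write-Host "Directory read access confirmed for identity type: $identityType"
```

Directory.Read.All as an application permission lets the service principal read the whole directory, and every pipeline authorized to use that service connection inherits it, so review who can use the connection when granting it.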
